PT-2021-6779 · Node.Js+7 · Node.Js+7

Published

2021-08-12

·

Updated

2024-12-16

·

CVE-2021-22939

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)
Description The issue is related to insufficient validation of the rejectUnauthorized value in the Node.js https API. If the rejectUnauthorized parameter is set to undefined, no error is returned, and connections to servers with expired certificates are accepted. This allows a remote attacker to compromise data integrity.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

ALSA-2021:3623
ALSA-2021:3666
ALT-PU-2021-2497
ALT-PU-2021-2550
ALT-PU-2022-3073
AZL-6744
BDU:2022-02171
BIT-NODE-2021-22939
BIT-NODE-MIN-2021-22939
CESA-2021_3623
CESA-2021_3666
CVE-2021-22939
DLA-3137-1
MGASA-2021-0463
OPENSUSE-SU-2021:1214-1
OPENSUSE-SU-2021:1239-1
OPENSUSE-SU-2021:1313-1
OPENSUSE-SU-2021:2875-1
OPENSUSE-SU-2021:2953-1
OPENSUSE-SU-2021:3211-1
OPENSUSE-SU-2021_1214-1
OPENSUSE-SU-2021_1239-1
OPENSUSE-SU-2021_1313-1
OPENSUSE-SU-2021_2875-1
OPENSUSE-SU-2021_2953-1
OPENSUSE-SU-2021_3211-1
OPENSUSE-SU-2024:11096-1
OPENSUSE-SU-2024:11097-1
RHSA-2021:3280
RHSA-2021:3281
RHSA-2021:3623
RHSA-2021:3638
RHSA-2021:3639
RHSA-2021:3666
RHSA-2021_3623
RHSA-2021_3666
RLSA-2021:3623
RLSA-2021:3666
SUSE-SU-2021:2823-1
SUSE-SU-2021:2824-1
SUSE-SU-2021:2875-1
SUSE-SU-2021:2953-1
SUSE-SU-2021:3184-1
SUSE-SU-2021:3211-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Node.Js
Red Hat
Rocky Linux
Suse